SSH key configuration

[EmreAtes]

Why do we need to insert our ssh keys info config.yml now, instead of copying /home/centos/.ssh?

In /home/centos openstack automatically places the selected security key, and if we copy it to /opt/stack, we can ssh directly to the stack user. Is this version more secure? Did the other version break for some reason?

[ghost]

In the other version the ssh keys weren't being copied. Also, configuring ssh in yaml means that we can used this same config file with all operating systems instead of just centos.

[EmreAtes]

I'm curious why it stopped working.

Should we just add everyone's keys to the default file? It's simpler to just copy+paste.

[ghost]

I think someone updated cloud-config on Kaizen. They syntax in our yaml file was for an older version so it wasn't running. Copy + paste works fine but cloud-config is VERY picky about syntax. Even if the file is correct yaml it still might be incorrect cloud-config syntax and it won't give you an error if the syntax is incorrect, the changes just won't be applied. Make sure when you put an ssh key, the format is five spaces, -, space, unquoted public key with no spaces at the end. And make sure there's no extra new line between the rsa key and runcmd section

[ghost]

I'm still looking for a way to have the config script pull in whatever rsa keys the use uploaded when creating the instance, which would be ideal.

[EmreAtes]

I tried the old version, and it still works. I'm not sure why you thought it was not copying ssh keys. I'll keep the docc-lab version as it is until we find a way to copy ssh keys automatically. I also looked into cloud-init and couldn't find a way to do it, besides what you have here - having ssh keys inside the yml file.

[ghost]

The old version from which commit?

[EmreAtes]

I've created a comparison here https://github.com/docc-lab/ORE/compare/master...CCI-MOC:master The only changes I can see are regarding ssh. I think the latest commit we merged was https://github.com/CCI-MOC/ORE/tree/78f563c5fb588af92693faf65da971f984329ed0

[ghost]

That's odd. I had to make a bunch of syntax changes prior that didn't affect ssh, like changing the spacing, to get it to work properly.

[ghost]

So I deployed a new devstack VM using the yaml file from that commit and cloud-config didn't make any of the changes needed for devstack. What steps did you take to deploy?

[EmreAtes]

I noticed that the yaml file linked to from the README file in the link I sent would go back to the master branch. I used our fork's yaml file, the links to the ORE version and our yaml files are here: https://github.com/docc-lab/ORE/blob/master/single_node_devstack/single_node_devstack.yml https://github.com/CCI-MOC/ORE/blob/78f563c5fb588af92693faf65da971f984329ed0/single_node_devstack/single_node_devstack.yml The only difference is the change from ORE to docc-lab on line 34, and I just copied this to openstack and started a VM. I used m1.os.xlarge, and centos7.5 image.

[ghost]

And you were able to ssh into the vm as stack user and see the devstack directory?

[EmreAtes]

yes, I just ssh-ed to stack@ip and I was in /opt/stack, and I ran stack.sh

[EmreAtes]

I'm trying again with a vm called test-vm.

[EmreAtes]

Oh, It first does a yum update, which takes a while even though the VM looks like it has finished initialization. After that update it finished it copies the ssh key. You can view the update progress from the log part in horizon.

[EmreAtes]

After the update (~5 minutes) I was able to ssh with my key.

[ghost]

Yeah kaizen says the VM is done with initialization even if custom configuration is still being applied. You have to look at the VM log to see when it's done.

Also, your fork didn't work for me either. It's not waiting for an update, the cloud-config commands just don't run, which is how it usually behaves when the yaml file syntax is wrong.

[ghost]

I'm using a m1.small VM (larger VMs wouldn't fit in quota), but don't think that would cause cloud-config to fail, especially when it works when changes are made to syntax.